Create a connection with a service principal
To create a connection with a service principal, the best approach is to register the machine using a service principal with silent registration. Alternatively, you can give permissions to the service principal on the machine or the machine group and then create a connection using the service principal.
Give permissions on the machine or machine group
To give permissions on the machine:
- Sign into Power Automate, and then select Machines on the left navigation pane. If the item isn’t in the left navigation pane, select … More and then select the item you want.
- Select the machine or machine group you want to share.
- Select Share, and then search for and select the Application User AAD in your Dataverse instance.
- Select User, and then select Save.
Create the connection using a service principal
Once you have shared the machine with the application user, create the connection. You need to create the connection as the service principal. Creating a connection as a service principal isn't supported with the Power Automate web portal. This is currently only supported with a direct call to the Web API.
Request an access token
First, request an access token to interact with the Power Platform API. More information: Request an access token.
Get the group ID of the machine or group
To be able to create the connection, get the group ID associated with the machine or machine group.
- If it's a group, you can go to Monitor > Machines > Machine groups and select the group. You can then get the group ID from the URL.
- If it's a machine, go to Data > Tables > All > Flow Machine Group. Search for your machine in the list and display the column Flow Machine Group, it's the group ID associated with your machine.
Create a connection using your service principal
To create a connection, send an HTTP PUT to the Power Apps API to create the connection, using the access token that you obtained earlier.
PUT https://{ENVIRONMENT_ID_URL}.environment.api.powerplatform.com/connectivity/connectors/shared_uiflow/connections/{CONNECTION_ID}?api-version=1
Content-Type: application/json
Host: {ENVIRONMENT_ID_URL}.environment.api.powerplatform.com
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJu...
BODY:
{
"properties":
{
"environment":
{
"id": "/providers/Microsoft.PowerApps/environments/{ENVIRONMENT_ID}",
"name":"{ENVIRONMENT_ID}"
},
"connectionParametersSet":
{
"name":"azureRelay",
"values":
{
"username":{"value":"{MACHINE_ACCOUNT}"},
"password":{"value":"{MACHINE_PASSWORD}"},
"targetId":{"value":"{GROUP_ID}"}
}
}
}
}
The above example contains placeholders:
ENVIRONMENT_ID_URL: The environment ID, with all separators removed, and the last two characters separated by a period. (Example: 37520647-dbdf-49fa-ba01-6134c14680c4 -> 37520647dbdf49faba016134c14680.c4).ENVIRONMENT_ID: The environment ID.- CONNECTION_ID: The connection ID used to create the connection. It needs to be a valid GUID. (You can use the
New-GuidPowerShell command to get this). MACHINE_ACCOUNT: The username of the account used to open a Windows session.MACHINE_PASSWORD: The password for the account.GROUP_ID: The group ID you want to create the connection for. More information: Get the group ID of the machine or group
Once the request is completed, save the connection ID that you used in your request. You'll use it in the next step to Prepopulate connection references for automated deployment.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for